1/* $NetBSD: pcap-int.h,v 1.5 2018/09/03 15:26:43 christos Exp $ */
2
3/*
4 * Copyright (c) 1994, 1995, 1996
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by the Computer Systems
18 * Engineering Group at Lawrence Berkeley Laboratory.
19 * 4. Neither the name of the University nor of the Laboratory may be used
20 * to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36#ifndef pcap_int_h
37#define pcap_int_h
38
39#include <signal.h>
40
41#include <pcap/pcap.h>
42
43#include "varattrs.h"
44#include "fmtutils.h"
45
46/*
47 * Version string.
48 * Uses PACKAGE_VERSION from config.h.
49 */
50#define PCAP_VERSION_STRING "libpcap version " PACKAGE_VERSION
51
52#ifdef __cplusplus
53extern "C" {
54#endif
55
56#ifdef MSDOS
57 #include <fcntl.h>
58 #include <io.h>
59#endif
60
61/*
62 * Swap byte ordering of unsigned long long timestamp on a big endian
63 * machine.
64 */
65#define SWAPLL(ull) ((ull & 0xff00000000000000ULL) >> 56) | \
66 ((ull & 0x00ff000000000000ULL) >> 40) | \
67 ((ull & 0x0000ff0000000000ULL) >> 24) | \
68 ((ull & 0x000000ff00000000ULL) >> 8) | \
69 ((ull & 0x00000000ff000000ULL) << 8) | \
70 ((ull & 0x0000000000ff0000ULL) << 24) | \
71 ((ull & 0x000000000000ff00ULL) << 40) | \
72 ((ull & 0x00000000000000ffULL) << 56)
73
74/*
75 * Maximum snapshot length.
76 *
77 * Somewhat arbitrary, but chosen to be:
78 *
79 * 1) big enough for maximum-size Linux loopback packets (65549)
80 * and some USB packets captured with USBPcap:
81 *
82 * http://desowin.org/usbpcap/
83 *
84 * (> 131072, < 262144)
85 *
86 * and
87 *
88 * 2) small enough not to cause attempts to allocate huge amounts of
89 * memory; some applications might use the snapshot length in a
90 * savefile header to control the size of the buffer they allocate,
91 * so a size of, say, 2^31-1 might not work well.
92 *
93 * We don't enforce this in pcap_set_snaplen(), but we use it internally.
94 */
95#define MAXIMUM_SNAPLEN 262144
96
97struct pcap_opt {
98 char *device;
99 int timeout; /* timeout for buffering */
100 u_int buffer_size;
101 int promisc;
102 int rfmon; /* monitor mode */
103 int immediate; /* immediate mode - deliver packets as soon as they arrive */
104 int nonblock; /* non-blocking mode - don't wait for packets to be delivered, return "no packets available" */
105 int tstamp_type;
106 int tstamp_precision;
107
108 /*
109 * Platform-dependent options.
110 */
111#ifdef __linux__
112 int protocol; /* protocol to use when creating PF_PACKET socket */
113#endif
114#ifdef _WIN32
115 int nocapture_local;/* disable NPF loopback */
116#endif
117};
118
119typedef int (*activate_op_t)(pcap_t *);
120typedef int (*can_set_rfmon_op_t)(pcap_t *);
121typedef int (*read_op_t)(pcap_t *, int cnt, pcap_handler, u_char *);
122typedef int (*next_packet_op_t)(pcap_t *, struct pcap_pkthdr *, u_char **);
123typedef int (*inject_op_t)(pcap_t *, const void *, size_t);
124typedef void (*save_current_filter_op_t)(pcap_t *, const char *);
125typedef int (*setfilter_op_t)(pcap_t *, struct bpf_program *);
126typedef int (*setdirection_op_t)(pcap_t *, pcap_direction_t);
127typedef int (*set_datalink_op_t)(pcap_t *, int);
128typedef int (*getnonblock_op_t)(pcap_t *);
129typedef int (*setnonblock_op_t)(pcap_t *, int);
130typedef int (*stats_op_t)(pcap_t *, struct pcap_stat *);
131#ifdef _WIN32
132typedef struct pcap_stat *(*stats_ex_op_t)(pcap_t *, int *);
133typedef int (*setbuff_op_t)(pcap_t *, int);
134typedef int (*setmode_op_t)(pcap_t *, int);
135typedef int (*setmintocopy_op_t)(pcap_t *, int);
136typedef HANDLE (*getevent_op_t)(pcap_t *);
137typedef int (*oid_get_request_op_t)(pcap_t *, bpf_u_int32, void *, size_t *);
138typedef int (*oid_set_request_op_t)(pcap_t *, bpf_u_int32, const void *, size_t *);
139typedef u_int (*sendqueue_transmit_op_t)(pcap_t *, pcap_send_queue *, int);
140typedef int (*setuserbuffer_op_t)(pcap_t *, int);
141typedef int (*live_dump_op_t)(pcap_t *, char *, int, int);
142typedef int (*live_dump_ended_op_t)(pcap_t *, int);
143typedef PAirpcapHandle (*get_airpcap_handle_op_t)(pcap_t *);
144#endif
145typedef void (*cleanup_op_t)(pcap_t *);
146
147/*
148 * We put all the stuff used in the read code path at the beginning,
149 * to try to keep it together in the same cache line or lines.
150 */
151struct pcap {
152 /*
153 * Method to call to read packets on a live capture.
154 */
155 read_op_t read_op;
156
157 /*
158 * Method to call to read the next packet from a savefile.
159 */
160 next_packet_op_t next_packet_op;
161
162#ifdef _WIN32
163 HANDLE handle;
164#else
165 int fd;
166#endif /* _WIN32 */
167
168 /*
169 * Read buffer.
170 */
171 u_int bufsize;
172 void *buffer;
173 u_char *bp;
174 int cc;
175
176 sig_atomic_t break_loop; /* flag set to force break from packet-reading loop */
177
178 void *priv; /* private data for methods */
179
180#ifdef ENABLE_REMOTE
181 struct pcap_samp rmt_samp; /* parameters related to the sampling process. */
182#endif
183
184 int swapped;
185 FILE *rfile; /* null if live capture, non-null if savefile */
186 u_int fddipad;
187 struct pcap *next; /* list of open pcaps that need stuff cleared on close */
188
189 /*
190 * File version number; meaningful only for a savefile, but we
191 * keep it here so that apps that (mistakenly) ask for the
192 * version numbers will get the same zero values that they
193 * always did.
194 */
195 int version_major;
196 int version_minor;
197
198 int snapshot;
199 int linktype; /* Network linktype */
200 int linktype_ext; /* Extended information stored in the linktype field of a file */
201 int tzoff; /* timezone offset */
202 int offset; /* offset for proper alignment */
203 int activated; /* true if the capture is really started */
204 int oldstyle; /* if we're opening with pcap_open_live() */
205
206 struct pcap_opt opt;
207
208 /*
209 * Place holder for pcap_next().
210 */
211 u_char *pkt;
212
213#ifdef _WIN32
214 struct pcap_stat stat; /* used for pcap_stats_ex() */
215#endif
216
217 /* We're accepting only packets in this direction/these directions. */
218 pcap_direction_t direction;
219
220 /*
221 * Flags to affect BPF code generation.
222 */
223 int bpf_codegen_flags;
224
225#if !defined(_WIN32) && !defined(MSDOS)
226 int selectable_fd; /* FD on which select()/poll()/epoll_wait()/kevent()/etc. can be done */
227
228 /*
229 * In case there either is no selectable FD, or there is but
230 * it doesn't necessarily work (e.g., if it doesn't get notified
231 * if the packet capture timeout expires before the buffer
232 * fills up), this points to a timeout that should be used
233 * in select()/poll()/epoll_wait()/kevent() call. The pcap_t should
234 * be put into non-blocking mode, and, if the timeout expires on
235 * the call, an attempt should be made to read packets from all
236 * pcap_t's with a required timeout, and the code must be
237 * prepared not to see any packets from the attempt.
238 */
239 struct timeval *required_select_timeout;
240#endif
241
242 /*
243 * Placeholder for filter code if bpf not in kernel.
244 */
245 struct bpf_program fcode;
246
247 char errbuf[PCAP_ERRBUF_SIZE + 1];
248 int dlt_count;
249 u_int *dlt_list;
250 int tstamp_type_count;
251 u_int *tstamp_type_list;
252 int tstamp_precision_count;
253 u_int *tstamp_precision_list;
254
255 struct pcap_pkthdr pcap_header; /* This is needed for the pcap_next_ex() to work */
256
257 /*
258 * More methods.
259 */
260 activate_op_t activate_op;
261 can_set_rfmon_op_t can_set_rfmon_op;
262 inject_op_t inject_op;
263 save_current_filter_op_t save_current_filter_op;
264 setfilter_op_t setfilter_op;
265 setdirection_op_t setdirection_op;
266 set_datalink_op_t set_datalink_op;
267 getnonblock_op_t getnonblock_op;
268 setnonblock_op_t setnonblock_op;
269 stats_op_t stats_op;
270
271 /*
272 * Routine to use as callback for pcap_next()/pcap_next_ex().
273 */
274 pcap_handler oneshot_callback;
275
276#ifdef _WIN32
277 /*
278 * These are, at least currently, specific to the Win32 NPF
279 * driver.
280 */
281 stats_ex_op_t stats_ex_op;
282 setbuff_op_t setbuff_op;
283 setmode_op_t setmode_op;
284 setmintocopy_op_t setmintocopy_op;
285 getevent_op_t getevent_op;
286 oid_get_request_op_t oid_get_request_op;
287 oid_set_request_op_t oid_set_request_op;
288 sendqueue_transmit_op_t sendqueue_transmit_op;
289 setuserbuffer_op_t setuserbuffer_op;
290 live_dump_op_t live_dump_op;
291 live_dump_ended_op_t live_dump_ended_op;
292 get_airpcap_handle_op_t get_airpcap_handle_op;
293#endif
294 cleanup_op_t cleanup_op;
295};
296
297/*
298 * BPF code generation flags.
299 */
300#define BPF_SPECIAL_VLAN_HANDLING 0x00000001 /* special VLAN handling for Linux */
301
302/*
303 * This is a timeval as stored in a savefile.
304 * It has to use the same types everywhere, independent of the actual
305 * `struct timeval'; `struct timeval' has 32-bit tv_sec values on some
306 * platforms and 64-bit tv_sec values on other platforms, and writing
307 * out native `struct timeval' values would mean files could only be
308 * read on systems with the same tv_sec size as the system on which
309 * the file was written.
310 */
311
312struct pcap_timeval {
313 bpf_int32 tv_sec; /* seconds */
314 bpf_int32 tv_usec; /* microseconds */
315};
316
317/*
318 * This is a `pcap_pkthdr' as actually stored in a savefile.
319 *
320 * Do not change the format of this structure, in any way (this includes
321 * changes that only affect the length of fields in this structure),
322 * and do not make the time stamp anything other than seconds and
323 * microseconds (e.g., seconds and nanoseconds). Instead:
324 *
325 * introduce a new structure for the new format;
326 *
327 * send mail to "tcpdump-workers@lists.tcpdump.org", requesting
328 * a new magic number for your new capture file format, and, when
329 * you get the new magic number, put it in "savefile.c";
330 *
331 * use that magic number for save files with the changed record
332 * header;
333 *
334 * make the code in "savefile.c" capable of reading files with
335 * the old record header as well as files with the new record header
336 * (using the magic number to determine the header format).
337 *
338 * Then supply the changes by forking the branch at
339 *
340 * https://github.com/the-tcpdump-group/libpcap/issues
341 *
342 * and issuing a pull request, so that future versions of libpcap and
343 * programs that use it (such as tcpdump) will be able to read your new
344 * capture file format.
345 */
346
347struct pcap_sf_pkthdr {
348 struct pcap_timeval ts; /* time stamp */
349 bpf_u_int32 caplen; /* length of portion present */
350 bpf_u_int32 len; /* length this packet (off wire) */
351};
352
353/*
354 * How a `pcap_pkthdr' is actually stored in savefiles written
355 * by some patched versions of libpcap (e.g. the ones in Red
356 * Hat Linux 6.1 and 6.2).
357 *
358 * Do not change the format of this structure, in any way (this includes
359 * changes that only affect the length of fields in this structure).
360 * Instead, introduce a new structure, as per the above.
361 */
362
363struct pcap_sf_patched_pkthdr {
364 struct pcap_timeval ts; /* time stamp */
365 bpf_u_int32 caplen; /* length of portion present */
366 bpf_u_int32 len; /* length this packet (off wire) */
367 int index;
368 unsigned short protocol;
369 unsigned char pkt_type;
370};
371
372/*
373 * User data structure for the one-shot callback used for pcap_next()
374 * and pcap_next_ex().
375 */
376struct oneshot_userdata {
377 struct pcap_pkthdr *hdr;
378 const u_char **pkt;
379 pcap_t *pd;
380};
381
382#ifndef min
383#define min(a, b) ((a) > (b) ? (b) : (a))
384#endif
385
386int pcap_offline_read(pcap_t *, int, pcap_handler, u_char *);
387
388#include <stdarg.h>
389
390#include "portability.h"
391
392/*
393 * Does the packet count argument to a module's read routine say
394 * "supply packets until you run out of packets"?
395 */
396#define PACKET_COUNT_IS_UNLIMITED(count) ((count) <= 0)
397
398/*
399 * Routines that most pcap implementations can use for non-blocking mode.
400 */
401#if !defined(_WIN32) && !defined(MSDOS)
402int pcap_getnonblock_fd(pcap_t *);
403int pcap_setnonblock_fd(pcap_t *p, int);
404#endif
405
406/*
407 * Internal interfaces for "pcap_create()".
408 *
409 * "pcap_create_interface()" is the routine to do a pcap_create on
410 * a regular network interface. There are multiple implementations
411 * of this, one for each platform type (Linux, BPF, DLPI, etc.),
412 * with the one used chosen by the configure script.
413 *
414 * "pcap_create_common()" allocates and fills in a pcap_t, for use
415 * by pcap_create routines.
416 */
417pcap_t *pcap_create_interface(const char *, char *);
418pcap_t *pcap_create_common(char *, size_t);
419int pcap_do_addexit(pcap_t *);
420void pcap_add_to_pcaps_to_close(pcap_t *);
421void pcap_remove_from_pcaps_to_close(pcap_t *);
422void pcap_cleanup_live_common(pcap_t *);
423int pcap_check_activated(pcap_t *);
424
425/*
426 * Internal interfaces for "pcap_findalldevs()".
427 *
428 * A pcap_if_list_t * is a reference to a list of devices.
429 *
430 * A get_if_flags_func is a platform-dependent function called to get
431 * additional interface flags.
432 *
433 * "pcap_platform_finddevs()" is the platform-dependent routine to
434 * find local network interfaces.
435 *
436 * "pcap_findalldevs_interfaces()" is a helper to find those interfaces
437 * using the "standard" mechanisms (SIOCGIFCONF, "getifaddrs()", etc.).
438 *
439 * "add_dev()" adds an entry to a pcap_if_list_t.
440 *
441 * "find_dev()" tries to find a device, by name, in a pcap_if_list_t.
442 *
443 * "find_or_add_dev()" checks whether a device is already in a pcap_if_list_t
444 * and, if not, adds an entry for it.
445 */
446struct pcap_if_list;
447typedef struct pcap_if_list pcap_if_list_t;
448typedef int (*get_if_flags_func)(const char *, bpf_u_int32 *, char *);
449int pcap_platform_finddevs(pcap_if_list_t *, char *);
450#if !defined(_WIN32) && !defined(MSDOS)
451int pcap_findalldevs_interfaces(pcap_if_list_t *, char *,
452 int (*)(const char *), get_if_flags_func);
453#endif
454pcap_if_t *find_or_add_dev(pcap_if_list_t *, const char *, bpf_u_int32,
455 get_if_flags_func, const char *, char *);
456pcap_if_t *find_dev(pcap_if_list_t *, const char *);
457pcap_if_t *add_dev(pcap_if_list_t *, const char *, bpf_u_int32, const char *,
458 char *);
459int add_addr_to_dev(pcap_if_t *, struct sockaddr *, size_t,
460 struct sockaddr *, size_t, struct sockaddr *, size_t,
461 struct sockaddr *dstaddr, size_t, char *errbuf);
462#ifndef _WIN32
463pcap_if_t *find_or_add_if(pcap_if_list_t *, const char *, bpf_u_int32,
464 get_if_flags_func, char *);
465int add_addr_to_if(pcap_if_list_t *, const char *, bpf_u_int32,
466 get_if_flags_func,
467 struct sockaddr *, size_t, struct sockaddr *, size_t,
468 struct sockaddr *, size_t, struct sockaddr *, size_t, char *);
469#endif
470
471/*
472 * Internal interfaces for "pcap_open_offline()".
473 *
474 * "pcap_open_offline_common()" allocates and fills in a pcap_t, for use
475 * by pcap_open_offline routines.
476 *
477 * "sf_cleanup()" closes the file handle associated with a pcap_t, if
478 * appropriate, and frees all data common to all modules for handling
479 * savefile types.
480 */
481pcap_t *pcap_open_offline_common(char *ebuf, size_t size);
482void sf_cleanup(pcap_t *p);
483
484/*
485 * Internal interfaces for both "pcap_create()" and routines that
486 * open savefiles.
487 *
488 * "pcap_oneshot()" is the standard one-shot callback for "pcap_next()"
489 * and "pcap_next_ex()".
490 */
491void pcap_oneshot(u_char *, const struct pcap_pkthdr *, const u_char *);
492
493#ifdef _WIN32
494void pcap_win32_err_to_str(DWORD, char *);
495#endif
496
497int install_bpf_program(pcap_t *, struct bpf_program *);
498
499int pcap_strcasecmp(const char *, const char *);
500
501#ifdef YYDEBUG
502extern int pcap_debug;
503#endif
504
505#ifdef __cplusplus
506}
507#endif
508
509#endif
510